Categories: Breaking NewsSecurity

US Ports – Cyber attacks can cause the release of dangerous chemicals

US Ports are still vulnerable to cyber attacks that release dangerous chemicals, cybersecurity in the maritime industry is crucial for Homeland security.

Critical infrastructure across the world are vulnerable to cyber attacks, this is not novelty, but it is interesting to explore how many infrastructure is open to hacking assaults.

US ports are also vulnerable to cyber attacks that could “allow the release of harmful and dangerous chemicals” in urban areas, the alert was raised by a Michigan congressman on Thursday.

The Rep. Candice Miller, R-Mich explained that a cyber attack against a US port could cause serious damage to populated areas thanks to security gaps left unfixed by the Department of Homeland Security.

According to the congressman, the security issues were reported more than a year ago by the Government Accountability Office, but the DHS hasn’t taken the necessary steps to fix them.

“The security gaps were pointed out more than a year ago by the Government Accountability Office, but DHS officials haven’t moved against them even though there have several digital attacks on U.S. port facilities in recent months” states The Daily Caller.

According to the GAO’s Information Security Issues Director Gregory C. Wilshusen, the prevention of cyber security breaches of ports is crucial because these infrastructures are near large metropolitan areas.

U.S. ports handle “more than $1.3 trillion in cargo each year,” Wilshusen said. “A major disruption in the maritime transportation system could have a significant impact on global shipping, international trade, and the global economy, as well as posing risks to public safety.”

The cyber security issued “are particularly concerning, not only from an economic standpoint, but because of the dangerous cargo such as liquefied natural gas and other certain dangerous cargoes that pass through the nation’s seaports,” said Rep. Candice Miller, R-Mich.

The experts warn about possible cyber attacks in the industrial control systems that are used to monitor commercial activities at the US ports.
“If a cyber breach were to occur that tampered with the industrial control systems that monitor these cargoes, it could potentially allow the release of harmful and dangerous chemicals,” Miller explained that during a hearing of the border and maritime security subcommittee of the House Homeland Security Committee. Miller is chairman of the panel.

“The Coast Guard, and DHS as a whole, have been slow to fully engage on cyber security efforts at the nation’s 360 seaports,” Miller said. “The Coast Guard has not yet conducted cyber risk assessments, though some individual ports have taken the initiative themselves.”

The threat to the US ports is not only theoretical, the congressman revealed that an unnamed foreign state-sponsored hackers are “suspected” of hacking multiple systems a commercial ship contracted by the U.S. Transportation Command.

Hackers and ports are not a new combination as confirmed by Miller, she added that “in Europe, drug smugglers attempted to hack into cargo tracking systems to rearrange containers and hide their drugs.”

In 2013, an investigation of a cyber-attack on the Belgian port of Antwerp allowed law enforcement to discover that drug traffickers recruited hackers to hack IT systems that controlled the movement and location of the containers.

“Police carried out a series of raids in Belgium and Holland earlier this year, seizing computer-hacking equipment as well as large quantities of cocaine and heroin, guns and a suitcase full of cash. Fifteen people are currently awaiting trial in the two countries. Mr Wainwright says the alleged plot demonstrates how the internet is being used as a “freelance marketplace” in which drug trafficking groups recruit hackers to help them carry out cyber-attacks “to order”.  “[The case] is an example of how organized crime is becoming more enterprising, especially online,” he says.

The Europol official confirmed that organized crime groups were paying for hackers involved in criminal activities. The profitable collaboration started at least in 2011, Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America. The role of hackers based in Belgium was to infiltrate computer networks in at least two companies operating in the port of Antwerp to access secure data giving them the location and security details of containers.

Modern ports are high technological environments composed of complex systems that exchange a large amount of data. Computer systems are used to coordinate the activities, monitor the naval traffic, manage the loading and unloading of the ships.

Such systems “may be vulnerable to cyber threats from various actors with malicious intent,” Wilshusen said.

Physical and logical security must be complementary in the ports such as in any other critical infrastructure,

“Just as we have hardened physical security, we need to do the same in the virtual space for systems critical to the marine transportation system to protect against malicious actors,” Miller said.

“Reported incidents highlight the impact that cyber attacks could have on the maritime environment, and researchers have identified security vulnerabilities in systems aboard cargo vessels, such as global positioning systems for viewing digital nautical charts,” Wilshusen said.

Pierluigi Paganini

(Security Affairs – US ports , cyber security)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

3 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

17 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.